From 4bd0658ce5c2b04d87f854dc037f7e10eb34a462 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Tue, 10 Mar 2026 23:00:45 +0100 Subject: [PATCH 1/3] Automatically turn on LMS / XMSS full hash When WOLFSSL_NO_HASH_RAW is definied due to hardware hash offload, turn on LMS anx XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration. --- wolfssl/wolfcrypt/wc_lms.h | 6 ++++++ wolfssl/wolfcrypt/wc_xmss.h | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h index 8726a7b4cb5..18a13c86979 100644 --- a/wolfssl/wolfcrypt/wc_lms.h +++ b/wolfssl/wolfcrypt/wc_lms.h @@ -95,6 +95,12 @@ #include #include +/* When hash struct internals are not accessible (hardware SHA acceleration), + * fall back to full hash API calls. */ +#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH) + #define WC_LMS_FULL_HASH +#endif + #ifdef WOLFSSL_LMS_MAX_LEVELS /* Maximum number of levels of trees supported by implementation. */ #define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h index db7ba441676..c9b4265805a 100644 --- a/wolfssl/wolfcrypt/wc_xmss.h +++ b/wolfssl/wolfcrypt/wc_xmss.h @@ -34,6 +34,12 @@ #include #include +/* When hash struct internals are not accessible (hardware SHA acceleration), + * fall back to full hash API calls. */ +#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH) + #define WC_XMSS_FULL_HASH +#endif + #if !defined(WOLFSSL_WC_XMSS) #error "This code is incompatible with external implementation of XMSS." #endif From dca9951355194fdaf9c1c328e400f9140ce30f33 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Fri, 20 Mar 2026 10:22:46 +0000 Subject: [PATCH 2/3] Fixup code comments in XMSS and LMS --- wolfssl/wolfcrypt/wc_lms.h | 4 ++-- wolfssl/wolfcrypt/wc_xmss.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfssl/wolfcrypt/wc_lms.h b/wolfssl/wolfcrypt/wc_lms.h index 18a13c86979..914ffa13712 100644 --- a/wolfssl/wolfcrypt/wc_lms.h +++ b/wolfssl/wolfcrypt/wc_lms.h @@ -95,8 +95,8 @@ #include #include -/* When hash struct internals are not accessible (hardware SHA acceleration), - * fall back to full hash API calls. */ +/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW), + * fall back to using the full hash API calls. */ #if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH) #define WC_LMS_FULL_HASH #endif diff --git a/wolfssl/wolfcrypt/wc_xmss.h b/wolfssl/wolfcrypt/wc_xmss.h index c9b4265805a..200cd4322ef 100644 --- a/wolfssl/wolfcrypt/wc_xmss.h +++ b/wolfssl/wolfcrypt/wc_xmss.h @@ -34,8 +34,8 @@ #include #include -/* When hash struct internals are not accessible (hardware SHA acceleration), - * fall back to full hash API calls. */ +/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW), + * fall back to using the full hash API calls. */ #if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH) #define WC_XMSS_FULL_HASH #endif From 4cdb979920233d18f70d487d667b1ffdf360e594 Mon Sep 17 00:00:00 2001 From: Andrew Hutchings Date: Fri, 20 Mar 2026 11:12:15 +0000 Subject: [PATCH 3/3] Remove unneeded entries from known macro extras --- .wolfssl_known_macro_extras | 2 -- 1 file changed, 2 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 6c06931b990..a6ec217fd40 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -638,7 +638,6 @@ WC_DILITHIUM_FIXED_ARRAY WC_DISABLE_RADIX_ZERO_PAD WC_FLAG_DONT_USE_AESNI WC_FORCE_LINUXKM_FORTIFY_SOURCE -WC_LMS_FULL_HASH WC_NO_ASYNC_SLEEP WC_NO_RNG_SIMPLE WC_NO_STATIC_ASSERT @@ -658,7 +657,6 @@ WC_SSIZE_TYPE WC_STRICT_SIG WC_USE_PIE_FENCEPOSTS_FOR_FIPS WC_WANT_FLAG_DONT_USE_VECTOR_OPS -WC_XMSS_FULL_HASH WIFIESPAT WIFI_101 WIFI_AVAILABLE